SUMMARY kio sftp does an additional chmod on uploaded files, which overrides server-side enforced permissions. The issue does not occur with the standard sftp command-line client. STEPS TO REPRODUCE I have a server running RHEL 9 where sftp-server enforces file permissions with the -m switch, using the following configuration in /etc/openssh/sshd_config: `Subsystem sftp /usr/libexec/openssh/sftp-server -m 0660 -u 0006` This is a Fedora/RHEL-specific feature, as can be seen [here](https://src.fedoraproject.org/rpms/openssh/blob/f34/f/openssh-6.7p1-sftp-force-permission.patch). To reproduce, upload a file with permission bits 600 via Dolphin. OBSERVED RESULT If I upload a file with permission bits 600 with Dolphin, it ends up with 600. sftp-server debug log: ``` Jul 05 12:18:02 rlvm sftp-server[13792]: open "/srv/test/upload.txt.part" flags WRITE,CREATE,TRUNCATE mode 0660 Jul 05 12:18:02 rlvm sftp-server[13792]: debug1: request 10: sent handle handle 0 Jul 05 12:18:02 rlvm sftp-server[13792]: debug1: request 11: write "/srv/test/upload.txt.part" (handle 0) off 0 len 2 Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success Jul 05 12:18:02 rlvm sftp-server[13792]: close "/srv/test/upload.txt.part" bytes read 0 written 2 Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success Jul 05 12:18:02 rlvm sftp-server[13792]: rename old "/srv/test/upload.txt.part" new "/srv/test/upload.txt" Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success Jul 05 12:18:02 rlvm sftp-server[13792]: debug1: request 14: setstat name "/srv/test/upload.txt" Jul 05 12:18:02 rlvm sftp-server[13792]: set "/srv/test/upload.txt" mode 0600 Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success ``` EXPECTED RESULT If I upload a file with permission bits 600 by using the sftp command, it ends up with 660 on the server, as expected. sftp-server debug log: ``` Jul 05 12:48:50 rlvm sftp-server[14962]: sent status Success Jul 05 12:48:56 rlvm sftp-server[14962]: open "/srv/test/upload.txt" flags WRITE,CREATE,TRUNCATE mode 0660 Jul 05 12:48:56 rlvm sftp-server[14962]: debug1: request 13: sent handle handle 0 Jul 05 12:48:56 rlvm sftp-server[14962]: debug1: request 15: write "/srv/test/upload.txt" (handle 0) off 0 len 2 Jul 05 12:48:56 rlvm sftp-server[14962]: sent status Success Jul 05 12:48:56 rlvm sftp-server[14962]: close "/srv/test/upload.txt" bytes read 0 written 2 Jul 05 12:48:56 rlvm sftp-server[14962]: sent status Success ``` SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora 37 KDE Plasma Version: 5.27.4 KDE Frameworks Version: 5.105.0 Qt Version: 5.15.9 ADDITIONAL INFORMATION As you can see, the culprit is the additional mode change. I assume this line of code causes this: https://github.com/KDE/kio-extras/blob/master/sftp/kio_sftp.cpp#L1545 Why is this explicit chmod being done here? Would it be possible to remove this? Thank you!
When the client asks for a given permissions set we need to try to apply that set in kio-sftp. Moving bug to dolphin, though I'm almost sure it tries to forward the permissions the local file has, so that too may be working as intended.
(In reply to Harald Sitter from comment #1) > When the client asks for a given permissions set we need to try to apply > that set in kio-sftp. Moving bug to dolphin, though I'm almost sure it tries > to forward the permissions the local file has, so that too may be working as > intended. Isn't that already done by this line? https://github.com/KDE/kio-extras/blob/master/sftp/kio_sftp.cpp#L1458 To my best knowledge, sftp-server preserves the mode requested by the client (unless the -m switch is present, which is why it was implemented) without the need of an additional chmod. From what I can tell, Dolphin passes the local permissions to kio core, which passes them to kio sftp, all of which assume that file permissions should be preserved.
Now this rings a bell. There was already a report about this! *** This bug has been marked as a duplicate of bug 345687 ***